Publicity surrounding China’s growing cyber army, massive theft of information by trusted insiders like Edward Snowden, and large data breaches, such as the one experienced by Target Corporation in December 2013, all helped to elevate cyber risk to the forefront for business executives. With so much at stake—financial loss, operational disruption, competitive disadvantage, legal liability, and harm to corporate reputation—the question for corporate directors and officers is not whether to become involved in cyber risk management, but how to appropriately oversee their company’s initiatives. This report offers suggestions for directors on how to carry out their oversight role.